| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.hugegraph:hugegraph-hubble | maven | >= 1.0.0, < 1.3.0 | 1.3.0 |

The SSRF occurs in the Hubble connection page, where users configure backend servers. The testConnection endpoint would naturally accept a URL parameter to verify connectivity. Without proper validation of user-supplied URLs (such as checking against internal network targets), this function would blindly follow redirects or connect to arbitrary hosts. The vulnerability context explicitly mentions the connection page as the attack vector, and SSRF patterns typically involve such connection-testing endpoints.
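
One way to implement the validation described above, as an added example; it is not HugeGraph-Hubble code and not the 1.3.0 patch. The function names, the HTTP(S)-only scheme list and the sample hosts in the usage are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: backends are reached over HTTP(S)

def system_resolve(host, port):
    """Resolve with the OS resolver; returns a sorted list of IP strings."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def is_internal(ip):
    """True for loopback, private, link-local and any other non-global address."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 6 and addr.ipv4_mapped:  # e.g. ::ffff:127.0.0.1
        addr = addr.ipv4_mapped
    return addr.is_multicast or not addr.is_global

def check_target(url, resolve=system_resolve):
    """Return (True, vetted_ips) or (False, reason) for one user-supplied URL."""
    try:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if not parts.hostname or parts.username or parts.password:
        return False, "missing host or embedded credentials"
    try:
        ips = resolve(parts.hostname, port)
    except (OSError, UnicodeError):
        return False, "host does not resolve"
    if not ips:
        return False, "host does not resolve"
    blocked = [ip for ip in ips if is_internal(ip)]
    if blocked:  # reject if ANY record is internal (mixed DNS answers)
        return False, f"resolves to internal address {blocked[0]}"
    return True, ips  # connect to these IPs, not to a fresh lookup of the name

def check_hops(urls, resolve=system_resolve):
    """Apply the same check to the first URL and to every redirect Location."""
    for hop, url in enumerate(urls):
        ok, detail = check_target(url, resolve)
        if not ok:
            return False, f"hop {hop}: {detail}"
    return True, "all hops allowed"
```

For the redirect case, the HTTP client's automatic redirect handling has to be switched off so that each `Location` value passes through `check_target` before the next request is made.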